Privacy Policy "BloodPressureDB"
1. Data Protection at a Glance
General Information
BloodPressureDB is designed to support individual patients in managing diagnosed hypertension. To this end, BloodPressureDB allows the recording of blood pressure data and optionally other health data. The data is stored and can be retrieved, and evaluations such as statistics or trend charts are created. By using and storing data, you consent to the processing. You can revoke this consent at any time. You also have the option to delete your user account directly within the service. All stored data will be deleted in this process. Through the service, you can also directly retrieve all data and make corrections if necessary.
Personal data is any data that can be used to identify you personally. Detailed information on data protection can be found in the following sections of this privacy policy.
The privacy policy applies to the website and our app for various operating systems. Since the web app is part of our website, we have decided to create a common and uniform privacy policy for the website and app for different operating systems. This is intended to make it easier for you to understand.
- No collection of data that is not strictly necessary for the service or its operation (principle of data minimization)
- It is possible to use the BloodPressureDB service pseudonymously or anonymously*
- No unsolicited sharing of data with third parties
- We only collect anonymized statistical usage data for the website and app, no so-called "profiling"
* A date is considered personal if we can assign it to the same person. Of course, we assign your data to you, as that is the purpose of a user account. However, we cannot directly conclude who you are from a provided email address and a freely chosen username, and therefore consider access to be pseudonymous. You are welcome to use a new email address that has no connection to you. In the case of guest access, we also do not have this information and consider the use to be anonymous. When contacting our servers, we always have your IP address, which is considered personal data. However, we have no way of linking the IP address to a person.
There are also a few external services that we use. From a data protection perspective, this is all okay and not very concerning. However, we think you should know:
- We use Google Analytics on the website. This is done with IP anonymization.
- We use the counting pixels of VGWort to enable our authors to participate in the program for exploitation rights.
- We use YouTube for videos. Google knows when you play a video or visit a page that has an embedded video.
- We use the Amazon Partner Program. This means Amazon knows that links come from us. Occasionally, we also use other partner programs.
- The apps for Android and Apple are available through the respective app stores. The operators Google and Apple know when you download and use an app.
- We use third-party providers for sending letters and products and for processing orders and payments.
- We note image retrievals when receiving our Infomail to remove recipients who have not viewed an email for a long time.
- The apps may maintain an internal log that can be transmitted to us. This only occurs in consultation and with consent in the specific individual case.
We welcome questions and feedback regarding data protection.
Who is responsible for data collection on our website and in the app?
The data processing is carried out by the manufacturer. You can find their contact details in the imprint.
How do we collect your data?
Your data is collected in part by you providing it to us. This may include data that you enter into a form. This also includes health data that is stored and processed by BloodPressureDB. Primarily, these are blood pressure data, but you can also optionally record additional health-related data.
Other data is automatically collected by our IT systems when you visit the website and use the app. You can find more information in the section "Server Log Files" under Chapter 4.
What data is collected or can be collected in the app?
including date and time
- Username
- Email address
- Blood pressure
- Pulse
- Measurement location
- Weight
- Glucose
- Temperature
- Input/Output
- Personal notes on measurements
- Events
- Medication plan
- Other health data
What do we use your data for?
Some of the data is collected to ensure the error-free provision of the website and app. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to obtain information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this and other questions regarding data protection, you can contact us at any time at the address provided in the imprint.
Analysis Tools and Third-Party Tools
When you visit our website, your browsing behavior may be statistically evaluated. This is mainly done with cookies and so-called analysis programs. The analysis of your browsing behavior is usually anonymous; the browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
2. Hosting
External Hosting
The services are hosted by an external service provider (host). The personal data collected on this website and in the app is stored on the servers of the host. This may primarily include IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website accesses, and other data generated through a service.
The use of the host is for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data. The server location is Germany.
Further information can be found on the following website of the host: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/
3. General Information and Mandatory Information
Data Protection
The operators of these pages and apps take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g., when communicating via email) may have security gaps. A complete protection of the data from access by third parties is not possible.
Note on the Responsible Party
The responsible party for data processing is:
klier.net International S.L., Arona, Spain
You can reach us at the email address: dsb@klier.net.
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Data Protection Officer:
Horst Klier, Avenida de Chayofita 18, Arona, Spain, dsb@klier.net
Note on Data Transfer to the USA
Our website includes tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to disclose personal data to security authorities without you, as the affected party, being able to take legal action against this.
It cannot therefore be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. A simple informal message by email to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to Object to Data Collection in Special Cases and Against Direct Marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR THE PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 GDPR).Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of data protection violations against the GDPR, the affected party has the right to lodge a complaint with the competent supervisory authority, particularly in the member state of their habitual residence, their workplace, or the place of the alleged violation.
For companies based in Spain, the competent supervisory authority in data protection matters is the Agencia Española de Protección de Datos (AEPD). The contact details of the AEPD are as follows:
Agencia Española de Protección de Datos
C/ Jorge Juan, 6
28001 Madrid
Spain
Website: www.aepd.es
The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as data input, orders, or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, Deletion, and Correction
You have the right to obtain information about your stored personal data, its origin, recipients, and the purpose of data processing at any time free of charge, as well as the right to request correction or deletion of this data, in accordance with applicable legal provisions. For this and other questions regarding personal data, you can contact us at any time at the address provided in the imprint.
Right to Restrict Processing
You have the right,> to request the restriction of processing your personal data. You can contact us at any time at the address provided in the imprint. The right to restrict processing exists in the following cases:
- If you contest the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of processing your personal data.
- If the processing of your personal data was unlawful, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to assert, exercise, or defend legal claims, you have the right to request the restriction of processing your personal data instead of deletion.
- If you have lodged an objection under Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing your personal data.
If you have restricted the processing of your personal data, these data apart from their storage may only be processed with your consent or for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or a member state.
Objection to advertising emails
The use of contact data published in the context of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
4. Data collection on our website and in the apps
Cookies
Our websites use so-called "cookies". Cookies are small text files and do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or an automatic deletion occurs through your web browser.
Third-party cookies may also be stored on your device when you enter our site (third-party cookies). These allow us or you to use certain services of the third party (e.g., cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertisements.
Cookies that are necessary for the electronic communication process (necessary cookies) or to provide certain functions desired by you (functional cookies, e.g., for the shopping cart function) or to optimize the website (e.g., cookies for measuring web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies has been requested, the storage of the relevant cookies will only take place based on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can configure your browser to be informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. When cookies are disabled, the functionality of this website may be limited.
As far as cookies from third parties or for analysis purposes are used, we will inform you separately in the context of this privacy policy and, if necessary, request your consent.
Server log files
The provider of the websites automatically collects and stores information in so-called server log files, which your browser or our app automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
A combination of this data with other data sources will not be made.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. In addition, the collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website for this, the server log files must also be collected.
Inquiries via email and phone
If you send us inquiries via email or phone, your information, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We may use third parties to process your inquiries.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the execution of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you provide will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after your inquiry has been processed). Mandatory legal provisions in particular retention periods remain unaffected.
Registration on the website or app and use of the service
You can register on our website or in the app to use our service. The data entered for this purpose will only be used for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. The data entered during use will only be used by us for the purpose of the service. There will be no transfer or evaluation without your consent.
The data will be stored locally on the respective device in the areas provided for this purpose by the respective system or browser. Online, the storage takes place on our own servers, which serve no other purpose than the operation of the service.
For important changes, such as changes in the scope of the offer, the sending of the Infomail, individual user notices (e.g., reminders for irregular use of the app), or for technically necessary changes, we use the email address provided during registration to inform you in this way.
The processing of the data entered during registration and use is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke any consent you have given at any time. A simple notification by email to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation. Please note that if you revoke your consent, you may no longer be able to use the app fully.
The data collected during registration and use will be stored by us as long as you are registered with us and will then be deleted. Legal retention periods remain unaffected.
Unused accounts will be deleted after 2 years of inactivity. You will receive appropriate notifications by email beforehand. Unused guest accounts will be deleted after one year. Unfortunately, we cannot contact you here.
You can delete your user account, including all data, at any time within the app. Important note: Uninstalling the app does NOT delete the account with us. We do not know how many devices you use the app on to access an account with us.
To provide a high quality of service, the app creates logs that can be transmitted to us in case of support. These will only be transmitted in consultation with our support or must be proactively sent by you to us via email. An exception is the detection of serious errors (exceptions). Here, the transmission of error details to us is also possible without prior consultation.
Processing of data (customer and contract data)
We collect, process, and use personal data only to the extent necessary for the establishment, content design, or modification of the legal relationship (inventory data). This is done based on Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. Personal data about the use of our websites (usage data) is collected, processed, and used only to the extent necessary to enable the user to use the service or to bill it. Furthermore, personal data may be collected to demonstrate positive care effects within the framework of a trial according to § 139e paragraph 4 of the Fifth Book of the Social Code.
The collected customer data will be deleted after the completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmission upon conclusion of a contract for goods shipping
We only transmit personal data to third parties if this is necessary for the processing of the contract, for example, to the companies entrusted with the delivery of the goods or to service providers commissioned with payment processing. No further transmission of the data will take place, unless you have expressly consented to the transmission. Your data will not be passed on to third parties without your explicit consent, for advertising purposes, for example.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Data transmission upon conclusion of a contract for services and digital content
We only transmit personal data to third parties if this is necessary for the processing of the contract, for example, to the service provider commissioned with payment processing.
No further transmission of the data will take place, unless you have expressly consented to the transmission. Your data will not be passed on to third parties without your explicit consent, for advertising purposes, for example.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
5. Application Telemonitoring
When using the telemonitoring function to forward your data to the treating physician, prior consent (Art. 6 para. 1 lit. a GDPR) is required. The type of data includes blood pressure and pulse values with the recording time as well as statistics. The processing takes place exclusively in Germany. When using the GDT export, a direct transmission of the data to your doctor takes place.6. Analysis tools and advertising
VG Wort counting pixel
We use the METIS access counting of VG WORT to measure accesses to online texts that we provide to you through our offer. We do this so that the copying probability of these texts can be recorded. The copying probability of a text forms the basis for a lawful distribution of remuneration according to the Copyright Act (UrhG) by VG WORT to the authors and publishers of these texts.
For this purpose, a "counting mark" is integrated into the source code of the respective online text as part of the METIS access counting. This counting mark is a uniquely assigned ID to this respective text and ensures that when visiting a text marked in this way, an access to this text can be counted. In addition, a client ID is created as part of the METIS access counting, and a so-called "METIS session cookie" is set for the user of the marked text. Using this client ID and the session cookie, it can be recognized whether the text has already been called up by this user within a browser session or not. This is intended to prevent unlawful multiple counts of this text in determining its copying probability. Neither the session cookie displayed nor any other time during the METIS access counting will personal data be processed. The METIS access counting is carried out for VG WORT by Kantar GmbH, Landsberger Straße 284, Munich 80687.
7. Infomail
Newsletter data
To save unnecessary data transmission, graphics in our Infomail are only loaded when viewed. We also note this to recognize when a recipient has not opened the emails for an extended period.
The processing of the data entered during registration is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke the consent given for the storage of the data, the email address, and their use for sending the Infomail at any time, for example, via the> "Unsubscribe" link at the end of the Infomail. The legality of the data processing operations that have already taken place remains unaffected by the revocation. However, the email address will be stored to secure the history, including confirmation of registration and unsubscription, as well as sent emails.
The data you provided for the purpose of receiving Infomail will be stored by us until you unsubscribe from the Infomail and will remain retained for legal reasons even after cancellation. Data that has been stored with us for other purposes (e.g., email addresses for the member area) will remain unaffected.
8. Plugins and Tools
YouTube
Our website uses plugins from the YouTube site operated by Google. The operator of the pages is Google Ireland Limited, Gordon House, Barrow, Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store information about the visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the enhanced privacy mode. Thus, YouTube regardless of whether you watch a video establishes a connection to the Google DoubleClick network.
If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers will be established. In this process, the YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting) after starting a video. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.
Additional data processing operations may be triggered after starting a YouTube video, over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.9. Online Marketing and Partner Programs
Amazon Partner Program
The operators of the pages participate in the Amazon EU Partner Program. On our pages, Amazon integrates advertisements and links to the Amazon.de site, from which we can earn money through advertising cost reimbursement. To this end, Amazon uses cookies to track the origin of orders. This allows Amazon to recognize that you clicked on the partner link on our website.
The storage of "Amazon cookies" is based on Art. 6 lit. f GDPR. The website operator has a legitimate interest in this, as only through the cookies can the amount of their affiliate compensation be determined.
Further information on data usage by Amazon can be found in Amazon's privacy policy: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.